
China's Cyber Trojan Horse Gallops into US Infrastructure as Hacks Run Amok

Author
Quiet. Please
Published
Sun 03 Aug 2025
Episode Link
https://www.spreaker.com/episode/china-s-cyber-trojan-horse-gallops-into-us-infrastructure-as-hacks-run-amok--67238822

This is your Digital Frontline: Daily China Cyber Intel podcast.

Hey listeners, Ting here on Digital Frontline: Daily China Cyber Intel—the one-stop byte for all things China, hacking, and national security, freshly brewed for Sunday, August 3, 2025. Let’s plug straight into the cyber happenings of the past 24 hours, because, wow, the ones and zeroes haven’t taken a break.

First up, if you think cyber risk from China is hype, Arnie Bellini, former ConnectWise CEO, begs to disagree. He’s waving the red flag—China’s the numero uno digital threat, with their tech flooding US infrastructure and hiding mysterious code. Think: a Trojan horse with a power cable. We’re not just talking minor bugs—official US investigations have found code in imported inverters, batteries, EV chargers, and even heat pumps that could remotely flip the switch on our natural gas pipes or power grids. According to Bellini, “We’re rolling in the Trojan horse.” And it’s not rolling out anytime soon.

Pivoting to cyber espionage, it’s been a smorgasbord of American targets this week. The group Salt Typhoon, widely suspected as Chinese state-backed, breached a U.S. state’s Army National Guard network, scraping sensitive data from March to December last year. And in case that wasn’t enough, CNN just revealed that the Washington, D.C. firm Wiley Rein—key advisor for US-China trade—got popped again, hackers digging for intelligence gold.

Microsoft’s SharePoint platform has been a hackfest lately, too. Several Chinese-linked groups, including Storm-2603 and Violet Typhoon, exploited new bugs, breaching everything from the National Nuclear Security Administration to the Rhode Island General Assembly. Microsoft scrambled patches, but attackers were already inside. To rub more salt in, a ProPublica exposé revealed US Department of Defense computer systems quietly maintained by engineers in China—Microsoft axed that practice, fast.

And if your business runs SonicWall VPNs, brace yourself. Akira ransomware has been chewing through even fully patched VPNs. Arctic Wolf Labs suspects a zero-day flaw—organizations with all the right settings, even multi-factor authentication, still got whacked. Until SonicWall releases a fix, experts recommend disabling SSL VPN services entirely and watching for suspicious logins, especially from virtual private servers.

Speaking of ransomware, the SafePay gang is wreaking havoc. The US has borne the brunt, with 103 confirmed victims this year—manufacturing, education, and health care are their favorite targets. SafePay’s malware won’t even bother if it spots a Russian, Kazakh, or Azerbaijani system language—it’s laser-focused on Western pockets.

And before anyone thinks pure cybercrime is separate from geopolitics, Silent Push’s CEO Ken Bagnall says otherwise. Take Funnull, a Philippines-based infrastructure provider for scams run by Liu Lizhi, a Chinese national. The US Treasury sanctioned them in May, citing 332,000 scam-linked domains. But as Bagnall points out, cyber crooks in China often have quiet encouragement from home—think “digital privateers.”

So what should you, clever listeners, actually do? One: audit your supply chain and dump iffy hardware from suspect regions. Two: patch fast, but don’t trust patches alone. Three: deploy behavioral monitoring, segment networks, and treat every VPN login like it’s a potential red alert. Last, remember—defense is a moving target; the digital cat-and-mouse never sleeps.
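A defender-side illustration of the VPN-login advice above (the SonicWall item: watch for suspicious logins, especially from virtual private servers; and item three: treat every VPN login like a potential red alert). This is an added example and not code from the podcast, SonicWall or Arctic Wolf; the log line format, the address ranges used as "hosting/VPS" networks and the user names are all constructed for the example. It flags a successful login when the source sits in a hosting range, when MFA was not used, or when the success follows a run of failures from the same user and address.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of generic VPN authentication log lines (not real SonicWall output).
SAMPLE_LOG = """\
2025-08-02T22:51:03Z user=jdoe src=10.20.30.40 result=success mfa=yes
2025-08-02T23:14:17Z user=asmith src=203.0.113.77 result=failure mfa=no
2025-08-02T23:14:21Z user=asmith src=203.0.113.77 result=failure mfa=no
2025-08-02T23:14:29Z user=asmith src=203.0.113.77 result=success mfa=no
2025-08-03T01:02:44Z user=svc_backup src=198.51.100.9 result=success mfa=yes
2025-08-03T08:30:00Z user=jdoe src=10.20.30.40 result=success mfa=yes
"""

# Assumed (constructed) address ranges standing in for hosting / VPS providers.
# A real deployment would fill this from an ASN or threat-intel feed; these are
# RFC 5737 documentation networks and belong to nobody.
HOSTING_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>\S+) mfa=(?P<mfa>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def from_hosting(ip_str):
    """True if the source address falls inside one of the assumed hosting ranges."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in HOSTING_RANGES)


def triage(log_text, failure_threshold=2):
    """Return a list of alerts for successful logins that deserve a second look."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    failures_before_success = defaultdict(int)  # keyed by (user, src)
    alerts = []
    for e in events:
        key = (e["user"], e["src"])
        if e["result"] != "success":
            failures_before_success[key] += 1
            continue
        reasons = []
        if from_hosting(e["src"]):
            reasons.append("source in hosting/VPS range")
        if e["mfa"] != "yes":
            reasons.append("no MFA")
        if failures_before_success[key] >= failure_threshold:
            reasons.append(f"{failures_before_success[key]} failures before success")
        failures_before_success[key] = 0  # a success resets the run for this pair
        if reasons:
            alerts.append({
                "ts": e["ts"].isoformat(),
                "user": e["user"],
                "src": e["src"],
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['user']}@{alert['src']}: {', '.join(alert['reasons'])}")
```

On the sample above the script raises two alerts: the asmith login (hosting range, no MFA, two failures first) and the svc_backup login (hosting range only). The benign jdoe logins from an internal address with MFA pass silently, which is the point of scoring reasons rather than alerting on every login.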

That’s a byte-packed wrap for today. Thanks for tuning in, and don’t forget to subscribe. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more http://www.quietplease.ai
